Forum / Remote Desktop Manager - Support

XML import private key data


Is there a way to define private key data in the XML file for import?

When exported, the file only includes <SafePrivateKeyData>

There's another post that mentions using <ClearTextPassword> (https://forum.devolutions.net/topic17796-import-password-via-xml.aspx) so I also tried ClearTextPrivareKeyData, but it doesn't seem to do anything (defined in <Credentials> or in the <Connection> object).


Hello,

I tested with RDM 14.1.3, and if I import a private key using the XML file, it works. I just add the content of my private key between <SafePrivateKeyData> and </SafePrivateKeyData>.

Also add the line <PrivateKeyType>Data</PrivateKeyType> to import the private key as Data in the database.

Best regards,



David Grandolfo


Were you able to successfully use that key?

I also tried the same thing with 14.1.3.0, here's what I found:

  • The import appears to work, and it creates the key entry
  • I can't connect to anything using the imported file
  • When I Edit the entry it shows "Private key previously saved..." but when I click the view button, nothing happens
  • If I press OK to save it, the XML file is updated and the <SafePrivateKeyData> element is removed entirely

So it seems to me like it's silently ignoring the data in this element, presumably when it's not encrypted in the right format.

Here's what I'm importing:


<Connection>
<Credentials>
<CredentialType>PrivateKey</CredentialType>
<PrivateKeyType>Data</PrivateKeyType>
<SafePrivateKeyData>PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20190205
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEApu8xH5K3AO0MDyKBUikPZVVXn9l5Vyui8z/1
rUtYthkLVr5Abu3gP2LOEdA/FTBY3QMZF9FmyNL8Fu+qGdf0+l4Ftve3fNxaWVF3
6om6vsX5NHNN3F2/iudUIqrkWj6kxvRlhCoGDVh1NAq8WLl9wN5+l3tdGIhKoRx/
XbUb/wpoaljR3m0pLQGlHrEUaZkbutCsaiBc8yigWLUvGH+tUWtetN6HVKfV1f8J
R1FXA3RVljnoM0tKV36WN+50RHdvsunta8rZoSJueU0KU6T8NVup78HvsI4zqAin
JLkOVdzDoMuRR9qBHHeQ1kKVsKSuG0e2fpfHONREbT03cv1n/Q==
Private-Lines: 14
[...]
Private-MAC: 9e44de96036941cb97432251fa2002f1423cfd43</SafePrivateKeyData>
</Credentials>
<ConnectionType>Credential</ConnectionType>
<CreatedBy>Import</CreatedBy>
<CreationDateTime>2019-02-07T02:01:37</CreationDateTime>
<Group>Test</Group>
<ID>e4286ade-4dbf-4099-be0e-df50d5631bb6</ID>
<Name>Test key</Name>
</Connection>

(Note this particular key is a fake one I just generated for the purposes of this test)

If I edit the entry using the RDM UI, and paste the exact key contents in (which I had between the SafeImportKey), everything works fine.

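A check that could be run on a generated import file before it is distributed, added here as an example (it is not part of the thread and not RDM code): it reports every element whose text is a readable PuTTY key, together with that key's Encryption header. The <Connections> wrapper, the sample key bytes and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the post's XML; <Connections> wrapper and key bytes are assumptions.
SAMPLE = """<Connections>
<Connection>
<Credentials>
<CredentialType>PrivateKey</CredentialType>
<PrivateKeyType>Data</PrivateKeyType>
<SafePrivateKeyData>PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: constructed-example
Public-Lines: 1
QUFBQS1jb25zdHJ1Y3RlZA==
Private-Lines: 1
QkJCQi1jb25zdHJ1Y3RlZA==
Private-MAC: 0000000000000000000000000000000000000000</SafePrivateKeyData>
</Credentials>
<Name>Test key</Name>
</Connection>
<Connection>
<Credentials>
<SafePrivateKeyData>b3BhcXVlLWNvbnN0cnVjdGVk</SafePrivateKeyData>
</Credentials>
<Name>Opaque value</Name>
</Connection>
</Connections>"""

def ppk_header(text):
    """Return the 'Key: value' header fields of a PuTTY .ppk body, or None."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("PuTTY-User-Key-File-"):
        return None
    return dict(l.split(": ", 1) for l in lines if ": " in l)

def find_embedded_ppk(xml_text):
    """List (entry name, element tag, Encryption value) for each plain-text .ppk."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connection"):  # root itself is included
        name = conn.findtext("Name", default="(unnamed)")
        for elem in conn.iter():
            hdr = ppk_header(elem.text or "")
            if hdr is not None:
                findings.append((name, elem.tag, hdr.get("Encryption", "unknown")))
    return findings

if __name__ == "__main__":
    for name, tag, enc in find_embedded_ppk(SAMPLE):
        print(f"{name}: <{tag}> holds a readable PuTTY key (Encryption: {enc})")
```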

Hi,

I had a chat with the engineering department and what you think is exact. RDM is able to import the Private Key Data, therefore the information is not encrypted in an encryption field so they are not valid.

I'm not sure if we have the possibility to import Private Key, I will have to do further tests.

Before doing further tests, could you detail if you are trying to migrate private keys from another software to RDM and how many entries are you looking to import?

Best regards,



David Grandolfo


I'm trying to automate importing instances from AWS, and wanted to distribute a single XML file (and potentially generate it/host it from a web server with its own security controls). Right now I have to distribute either the app to generate the xml or the xml file (haven't decided yet) PLUS all the certificates necessary.

I did look at the EC2 Synchronizer, but it doesn't look like it works for this:

  • There are three ways of accessing instances, depending on use and age of setup: public IP (some test systems), private IP via router-established VPN (older setup), private IP tunneled through a bastionhost (newer setup). There's custom logic to determine which method to use.
  • I am planning on adding tunnels to SQL server and MySQL as well, when detected, for both RDS and EC2-hosted databases. These would also go via VPN/bastionhost with the same logic (none of those are public)
  • We have the same VPC name deployed to multiple regions, and my app sorts this into folders like VPC>Region>system. I can't see how to do this with EC2 Sync (in fact, I couldn't get it to use groups at all, but that's aside)
  • Depending on use we sometimes use a combination of name/instanceid/privateip to identify systems, so I was trying to concisely name them, and came up with eg ("SomeApp-backend (i123..546, 10.42.1.52)"). I don't think this can be done with EC2 sync


Hi,

If we add a <ClearPrivateKeyData> field when importing with XML, could this help?

Once the entry is imported, RDM will convert the field to <SafePrivateKeyData>.

As Maurice mentioned on the other topic with you, we currently support only PuTTY Private Key.

Best regards,



David Grandolfo


@David Yes, that would be perfect!

Separately, it would be nice if it'd support PEM format keys and automatically convert (even when importing from the UI) as AWS in particular exports PEM keys, and this would let you import them directly to RDM, without having to manually convert via puttygen or whatever first.

Thanks for your feedback. I will transfer this topic as a feature request to the engineering department. As a follow-up, our internal ticket number is RDMW-2089.

Regarding the PEM key, we have this on our to do list.

Regards,



David Grandolfo
